I suppose that the 3-D CAPTCHA is an interesting problem to a programmer. Seems to me, though, that "What is the Capitol of 'some country' " or "What are the second, middle and last letters of 'alkdfjalkjljkha' " would be as effective. Either way, it appears that we are moving towards CAPTCHAs that have to be translated into many languages.

Sounds unrealistic to me. I dont know every capital in the world, well you can say "google it!", but not all people know how to google (elderly for instance), last but not least, not hard to build a capital database for bot.

Quote:

"What are the second, middle and last letters of 'alkdfjalkjljkha' " would be as effective.

__________________religions, worst damnation of mankind"If 386BSD had been available when I started on Linux, Linux would probably never had happened." Linus TorvaldsLinux is not UNIX! Face it! It is not an insult. It is fact: GNU is a recursive acronym for “GNU's Not UNIX”.vermaden's:linksresourcesdeviantartspreadbsd

One spam prevention measure, which I had implemented (after reading about it somewhere) is a bit of form trickery.

Basically, you have an array of several inputs for a given field. You randomly select one as the valid field, giving it a CSS class to make it visible. The rest get a CSS class to hide them. The form has a hidden input with information on which input is valid for a given field (indexed). This data is encrypted. When the form is submitted, the encrypted string is decrypted, and the inputs checked. If any of the invalid inputs have values, the submission is considered spam.

I like this method because it is unobtrusive. However, it be a bit of a PITA on the back end. Writing a good library for it helps.

There are some pitfalls, though. For instance, the CSS could be parsed. You can do some trickery with that though. Usually I have 5 - 10 different CSS classes for both the hidden and visible inputs and randomly assign one of the classes to each input. The CSS is defined in an external file. It would be possible to have multiple definitions for a given class, with the last one taking precedence.

Also, it wouldn't be viable for people running browsers without CSS (eg: console, or CSS disabled).

I figure that if the spam check fails (within a certain range, such as 1%-30% of the fields fail), then it could revert to a captcha style spam prevention measure.

Spam prevention is just like virus protection - you either have to be ahead of the game, or really good at playing catch-up.